The Cloud Security Risk of Remote Workers, and How to Stop It

Telecommuting has been on the rise for over a decade. According to research from Global Workplace Analytics and FlexJobs, the number of people working remotely in the U.S. increased by 159% between 2005 and 2017, and then increased again by 22% between 2017 and 2018.

A flexible workplace offers multiple benefits — but cloud security is a weak link that can put your business at risk. According to the 2019 Netwrix Cloud Data Security Report, 38% of organizations that employ remote workers suffered cloud data security breaches, which was double the rate reported by more traditional organizations with on-site employees only.

Why do Remote Workers Pose a Cyber Threat?

Remote workers are not limited to freelancers and contractors. Today, some employees work from home or other locations every day, or log into the corporate network occasionally when they need to, such as during a business trip or on a sick day.

It’s also common for remote workers to log into your corporate network from their own devices, which are more likely to have security vulnerabilities. For example, you have little or no ability to ensure that those devices are free from malicious software and that they are properly patched. In addition, you are less able to respond promptly if a remote user makes a mistake that leads to unauthorized data access or even data compromise.

Such mistakes are too costly to ignore: The 2019 Ponemon Cost of Data Breach study found that 24% of all data breaches are due to human error, with the total cost of a data breach being $133 per record. Costs include both direct financial impacts (e.g., compliance fines and litigation) and indirect costs caused by damage to your reputation (e.g., loss of customer loyalty and brand value).

How Can You Mitigate These Threats?

Managing remote workers properly is impossible without deep insight into what they are doing – specifically when operating in your cloud environment. To overcome the risk you need to have deep visibility into both user activities and your data:

Visibility into user activities

Visibility into who does what, where and when, enables you to quickly detect suspicious behavior and respond before you suffer a data breach. Moreover, it enables you investigate incidents thoroughly to ensure they won’t happen again and demonstrate proof of regulatory compliance to auditors. Many organizations still lack sufficient visibility into user activity: 59% of Netwrix survey respondents that employ remote workers were not able to identify the threat actors behind security incidents in the cloud.

How Can Visibility Boost Your Business?

Having visibility into your cloud environment offers huge long-term benefits to your business as well. First, being able to store the personal data of your customers securely and respond promptly to requests to be forgotten will help you demonstrate your dedication to data privacy. The resulting customer loyalty is a definite competitive advantage.

Visibility into data and user activities around it also enables you to spend less time and resources on compliance — and avoid huge fines. Just think about it: as of February 2019, fines for GDPR violations already totaled $60 million, and that’s not including the fines imposed on Marriott International Inc. ($124 million) and British Airways ($230 million) in July 2019. With the introduction of additional privacy regulations worldwide (such as the CCPA in the U.S.), tools for monitoring user activity and classifying data will become even more indispensable.

Original source: https://ceoworld.biz/2019/09/27/the-cloud-security-risk-of-remote-workers-and-how-to-stop-it/

Security Strategist & VP of User Experience at Netwrix. Ilia is responsible for technical enablement, UX design, and product vision and strategy. He is a recognized expert in information security and an official member of Forbes Technology Council. Ilia has over 20 years of experience in the IT management software market. In the Netwrix blog, Ilia focuses on cybersecurity trends, strategies and risk assessment.